ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud

Soriente, Claudio; Karame, Ghassan; Li, Wenting; Fedorov, Sergey

doi:10.1109/eurosp.2019.00021

Cited by 11 publications

(8 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ReplicaTEE [31] considers another aspect of TEE migration: provisioning of newly instantiated TEEs. Although ReplicaTEE does not support replicating TEEs with their internal state intact, it allows server operators to start up multiple instances of the same enclave and provision them with the same secret without interacting with the application owner.…”

Section: Latency Vs Crypto Librarymentioning

confidence: 99%

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

Nakatsuka¹,

Öztürk²,

Shamis³

et al. 2022

Preprint

View full text Add to dashboard Cite

Hardware-based Trusted Execution Environments (TEEs) are becoming increasingly prevalent in cloud computing, forming the basis for confidential computing. However, the security goals of TEEs sometimes conflict with existing cloud functionality, such as VM or process migration, because TEE memory cannot be read by the hypervisor, OS, or other software on the platform. Whilst some newer TEE architectures support migration of entire protected VMs, there is currently no practical solution for migrating individual processes containing in-process TEEs. The inability to migrate such processes leads to operational inefficiencies or even data loss if the host platform must be urgently restarted.We present CTR, a software-only design to retrofit migration functionality into existing TEE architectures, whilst maintaining their expected security guarantees. Our design allows TEEs to be interrupted and migrated at arbitrary points in their execution, thus maintaining compatibility with existing VM and process migration techniques. By cooperatively involving the TEE in the migration process, our design also allows application developers to specify stateful migration-related policies, such as limiting the number of times a particular TEE may be migrated. Our prototype implementation for Intel SGX demonstrates that migration latency increases linearly with the size of the TEE memory and is dominated by TEE system operations.

show abstract

Section: Latency Vs Crypto Librarymentioning

confidence: 99%

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

Nakatsuka¹,

Öztürk²,

Shamis³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Access to this memory is mediated by the hardware and only privileged code can add or alter data. Remote parties are able to verify that a specific code is running within an SGX-enclave using a Direct Anonymous Attestation (DAA) scheme [57]. In [57], the authors propose a new solution that "enables dynamic replication and de-commissioning of TEE-based applications in the cloud".…”

Section: Trusted Execution Environmentmentioning

confidence: 99%

“…Remote parties are able to verify that a specific code is running within an SGX-enclave using a Direct Anonymous Attestation (DAA) scheme [57]. In [57], the authors propose a new solution that "enables dynamic replication and de-commissioning of TEE-based applications in the cloud". The authors find that their solution, named ReplicaTEE, of a cloud TEE remains secure even if an attacker controls a large fraction of the cloud infrastructure.…”

Section: Trusted Execution Environmentmentioning

confidence: 99%

Study on the Technical Evaluation of De-Identification Procedures for Personal Data in the Automotive Sector

Rannenberg¹,

Pape²,

Tronnier³

et al. 2021

View full text Add to dashboard Cite

The aim of this study was to identify and evaluate different de-identification techniques that may be used in several mobility-related use cases. To do so, four use cases have been defined in accordance with a project partner that focused on the legal aspects of this project, as well as with the VDA/FAT working group. Each use case aims to create different legal and technical issues with regards to the data and information that are to be gathered, used and transferred in the specific scenario. Use cases should therefore differ in the type and frequency of data that is gathered as well as the level of privacy and the speed of computation that is needed for the data. Upon identifying use cases, a systematic literature review has been performed to identify suitable de-identification techniques to provide data privacy. Additionally, external databases have been considered as data that is expected to be anonymous might be reidentified through the combination of existing data with such external data. For each case, requirements and possible attack scenarios were created to illustrate where exactly privacy-related issues could occur and how exactly such issues could impact data subjects, data processors or data controllers. Suitable de-identification techniques should be able to withstand these attack scenarios. Based on a series of additional criteria, de-identification techniques are then analyzed for each use case. Possible solutions are then discussed individually in chapters 6.1 - 6.2. It is evident that no one-size-fits-all approach to protect privacy in the mobility domain exists. While all techniques that are analyzed in detail in this report, e.g., homomorphic encryption, differential privacy, secure multiparty computation and federated learning, are able to successfully protect user privacy in certain instances, their overall effectiveness differs depending on the specifics of each use case.

show abstract

“…Alder et al proposed an approach to migrate the persistent states of enclaves, e.g., sealed data, which is outside of the enclave memory [68]. And Soriente et al designed ReplicaTEE for seamless replication of enclaves in clouds [69]. While all these designs address secret migration between enclaves with the same measurement, our technique could complement them by enabling secret migration between enclaves with different measurements.…”

Section: Related Workmentioning

confidence: 99%

MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties

Chen,

Zhang

2020

Preprint

View full text Add to dashboard Cite

Intel Software Guard Extensions (SGX) local and remote attestation mechanisms enable an enclave to attest its identity (i.e., the enclave measurement, which is the cryptographic hash of its initial code and data) to an enclave. To verify that the attested identity is trusted, one enclave usually includes the measurement of the enclave it trusts into its initial data in advance assuming no trusted third parties are available during runtime to provide this piece of information. However, when mutual trust between these two enclaves is required, it is infeasible to simultaneously include into their own initial data the other's measurements respectively as any change to the initial data will change their measurements, making the previously included measurements invalid. In this paper, we propose MAGE, a framework enabling a group of enclaves to mutually attest each other without trusted third parties. Particularly, we introduce a technique to instrument these enclaves so that each of them could derive the others' measurements using information solely from its own initial data. We also provide a prototype implementation based on Intel SGX SDK, to facilitate enclave developers to adopt this technique.

show abstract

ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud

Cited by 11 publications

References 24 publications

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

Study on the Technical Evaluation of De-Identification Procedures for Personal Data in the Automotive Sector

MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties

Contact Info

Product

Resources

About